remote packet injection exploits browser vulnerability to run artibrary code as root
I have a customer interested in purchasing a preinstalled Ubuntu Linux desktop PC. In the past he has had problems with a highly skilled cracker targeting and successfully exploiting his systems. The cracker's goal appears to be to cause as much grief as possible, without stealing money or committing identity theft, usually by catastrophically damaging the OS and in one case corrupting the BIOS.
Without being a security expert, my best guess is that under the following conditions:
- hardware firewall with no forwarded ports
- PC's OS has no open ports
- victim has not run any exploit code on his machine
- victim has not visited a maliciously crafted web site
- attacker has no physical access
- attacker knows victim's ISP, IP address, name, address, etc.
- attacker has possibly compromised the ISP's network
web site packet injection is the only remaining method of compromising the customer's system. In other words, the victim is browsing the web, the attacker is monitoring the victim's traffic, the attacker sends a packet to the victim masquerading as traffic from the web site, the victim's web browser receives the malicious data and runs the payload using the victim's sudoer privileges.
Is this scenario plausible? If so, how can the victim protect himself? Are there older versions of browsers that are "feature frozen" but are fully security patched?
I realize this is an extremely unusual situation, being that the security problem is due to a personal vendetta rather than just implementing best practices. And about the BIOS exploit... Yes it sounds crazy, but it would be possible if the attacker wrote boot sectors (or OS startup processes) to flash the BIOS on next reboot. This has been ongoing for over five years, to give you an idea of the attacker's relentlessness.
Thanks so much everyone.